From 339ce1c4e90605b736745b1f04493a247b2627ec Mon Sep 17 00:00:00 2001
From: Eugen Rochko
Date: Sun, 8 Mar 2020 15:17:39 +0100
Subject: Add specific rate limits for posting and following (#13172)
---
 spec/controllers/account_follow_controller_spec.rb | 2 +-
 .../controllers/api/v1/statuses_controller_spec.rb | 46 ++++++++++++++++++++--
 2 files changed, 43 insertions(+), 5 deletions(-)
(limited to 'spec/controllers')
diff --git a/spec/controllers/account_follow_controller_spec.rb b/spec/controllers/account_follow_controller_spec.rb
index ac15499be..9a93e1ebe 100644
--- a/spec/controllers/account_follow_controller_spec.rb
+++ b/spec/controllers/account_follow_controller_spec.rb
@@ -25,7 +25,7 @@ describe AccountFollowController do
 sign_in(user)
 subject
- expect(service).to have_received(:call).with(user.account, 'alice')
+ expect(service).to have_received(:call).with(user.account, alice, with_rate_limit: true)
 expect(response).to redirect_to(account_path(alice))
 end
 end
diff --git a/spec/controllers/api/v1/statuses_controller_spec.rb b/spec/controllers/api/v1/statuses_controller_spec.rb
index 9ff5fcd3b..df8037038 100644
--- a/spec/controllers/api/v1/statuses_controller_spec.rb
+++ b/spec/controllers/api/v1/statuses_controller_spec.rb
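Review bot: The updated expectation only pins that `with_rate_limit: true` is forwarded to the follow service; nothing in this spec exercises what the controller returns once the follow limit is already exhausted, so a regression in the over-limit path for follows would not be caught here. The statuses spec in this same commit has a 'when exceeding rate limit' context; a matching example here, recording hits up to whatever limit the limiter declares for follows before `subject` and asserting the over-limit response, would close that gap. The enclosing `it` block starts outside the hunk.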
@@ -39,12 +39,50 @@ RSpec.describe Api::V1::StatusesController, type: :controller do
 describe 'POST #create' do
 let(:scopes) { 'write:statuses' }
- before do
- post :create, params: { status: 'Hello world' }
+ context do
+ before do
+ post :create, params: { status: 'Hello world' }
+ end
+
+ it 'returns http success' do
+ expect(response).to have_http_status(200)
+ end
+
+ it 'returns rate limit headers' do
+ expect(response.headers['X-RateLimit-Limit']).to eq RateLimiter::FAMILIES[:statuses][:limit].to_s
+ expect(response.headers['X-RateLimit-Remaining']).to eq (RateLimiter::FAMILIES[:statuses][:limit] - 1).to_s
+ end
 end
- it 'returns http success' do
- expect(response).to have_http_status(200)
+ context 'with missing parameters' do
+ before do
+ post :create, params: {}
+ end
+
+ it 'returns http unprocessable entity' do
+ expect(response).to have_http_status(422)
+ end
+
+ it 'returns rate limit headers' do
+ expect(response.headers['X-RateLimit-Limit']).to eq RateLimiter::FAMILIES[:statuses][:limit].to_s
+ end
+ end
+
+ context 'when exceeding rate limit' do
+ before do
+ rate_limiter = RateLimiter.new(user.account, family: :statuses)
+ 300.times { rate_limiter.record! }
+ post :create, params: { status: 'Hello world' }
+ end
+
+ it 'returns http too many requests' do
+ expect(response).to have_http_status(429)
+ end
+
+ it 'returns rate limit headers' do
+ expect(response.headers['X-RateLimit-Limit']).to eq RateLimiter::FAMILIES[:statuses][:limit].to_s
+ expect(response.headers['X-RateLimit-Remaining']).to eq '0'
+ end
 end
 end
-- cgit
From 61f35c1a8a7c6544fe82b733e40267f4b28a3264 Mon Sep 17 00:00:00 2001
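Review bot: `300.times { rate_limiter.record! }` in the 'when exceeding rate limit' setup hard-codes the number of recorded hits while every assertion reads the limit from `RateLimiter::FAMILIES[:statuses][:limit]`; if that limit is ever raised above 300 the 429 example starts failing for a reason unrelated to the controller, so the setup should be derived from the same constant: `RateLimiter::FAMILIES[:statuses][:limit].times { rate_limiter.record! }`. The first `context do` carries no description, so its failures print as `POST #create returns http success` with no hint of which branch ran; `context 'with valid parameters' do` keeps the three branches parallel. `eq (RateLimiter::FAMILIES[:statuses][:limit] - 1).to_s` depends on the space before the parenthesis being read as a grouped argument; `eq((RateLimiter::FAMILIES[:statuses][:limit] - 1).to_s)` says the same thing without relying on that parse and is what RuboCop's grouped-expression lint asks for.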
From: ThibG
Date: Sat, 21 Mar 2020 03:08:09 +0100
Subject: Fix reported accounts not being whitelisted when resolving a spamcheck report (#13289)
---
 app/models/admin/account_action.rb | 12 ------------
 app/models/report.rb | 8 ++++++++
 spec/controllers/admin/reports_controller_spec.rb | 20 ++++++++++++++++++++
 3 files changed, 28 insertions(+), 12 deletions(-)
(limited to 'spec/controllers')
diff --git a/app/models/admin/account_action.rb b/app/models/admin/account_action.rb
index e9da003a3..b30a82369 100644
--- a/app/models/admin/account_action.rb
+++ b/app/models/admin/account_action.rb
@@ -62,8 +62,6 @@ class Admin::AccountAction
 def process_action!
 case type
- when 'none'
- handle_resolve!
 when 'disable'
 handle_disable!
 when 'silence'
@@ -105,16 +103,6 @@ class Admin::AccountAction
 end
 end
- def handle_resolve!
- if with_report? && report.account_id == -99 && target_account.trust_level == Account::TRUST_LEVELS[:untrusted]
- # This is an automated report and it is being dismissed, so it's
- # a false positive, in which case update the account's trust level
- # to prevent further spam checks
-
- target_account.update(trust_level: Account::TRUST_LEVELS[:trusted])
- end
- end
-
 def handle_disable!
 authorize(target_account.user, :disable?)
 log_action(:disable, target_account.user)
diff --git a/app/models/report.rb b/app/models/report.rb
index fb2e040ee..356c23d68 100644
--- a/app/models/report.rb
+++ b/app/models/report.rb
@@ -59,6 +59,14 @@ class Report < ApplicationRecord
 end
 def resolve!(acting_account)
+ if account_id == -99 && target_account.trust_level == Account::TRUST_LEVELS[:untrusted]
+ # This is an automated report and it is being dismissed, so it's
+ # a false positive, in which case update the account's trust level
+ # to prevent further spam checks
+
+ target_account.update(trust_level: Account::TRUST_LEVELS[:trusted])
+ end
+
 RemovalWorker.push_bulk(Status.with_discarded.discarded.where(id: status_ids).pluck(:id)) { |status_id| [status_id, { immediate: true }] }
 update!(action_taken: true, action_taken_by_account_id: acting_account.id)
 end
diff --git a/spec/controllers/admin/reports_controller_spec.rb b/spec/controllers/admin/reports_controller_spec.rb
index b428299ee..49d3e9707 100644
--- a/spec/controllers/admin/reports_controller_spec.rb
+++ b/spec/controllers/admin/reports_controller_spec.rb
@@ -46,6 +46,26 @@ describe Admin::ReportsController do
 end
 end
+ describe 'POST #resolve' do
+ it 'resolves the report' do
+ report = Fabricate(:report)
+
+ put :resolve, params: { id: report }
+ expect(response).to redirect_to(admin_reports_path)
+ report.reload
+ expect(report.action_taken_by_account).to eq user.account
+ expect(report.action_taken).to eq true
+ end
+
+ it 'sets trust level when the report is an antispam one' do
+ report = Fabricate(:report, account: Account.representative)
+
+ put :resolve, params: { id: report }
+ report.reload
+ expect(report.target_account.trust_level).to eq Account::TRUST_LEVELS[:trusted]
+ end
+ end
+
 describe 'POST #reopen' do
 it 'reopens the report' do
 report = Fabricate(:report)
-- cgit
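Review bot: `account_id == -99` in `resolve!` is a bare magic number standing for the automated spam-check reporter, and the same literal was just deleted from `handle_resolve!`; the new spec identifies that reporter as `Account.representative`, so the guard should compare against a named constant or that helper rather than a literal the next reader has to decode. The promotion uses the non-bang `target_account.update(...)`, so a validation failure leaves the account untrusted while the report is still marked resolved by the `update!` two lines below; `target_account.update!(trust_level: Account::TRUST_LEVELS[:trusted])` would surface that instead of continuing silently. Because this branch now runs on every resolution of an automated report and, per its own comment, stops further spam checks for the account, it is worth recording the trust-level change alongside the moderator action the way the `log_action` calls in the Admin::AccountAction handlers do; whether an equivalent logging hook is reachable from Report is not visible in this diff.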
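Review bot: The new `describe 'POST #resolve'` block sends `put :resolve` in both examples, so the label and the request verb disagree; controller specs route to the action without checking the HTTP method, which is why this passes, but it also means the examples would not notice if the route were declared for a different verb than the one clients use. Use `post :resolve, params: { id: report }` if the route is a POST as the label (and the neighbouring 'POST #reopen' block) says, or correct the label. The second example presumably relies on the fabricated target account starting out untrusted, which is the only state the `resolve!` guard promotes; fabricating the report's `target_account` explicitly at `Account::TRUST_LEVELS[:untrusted]` keeps the example from passing for the wrong reason if the fabricator default ever changes. `expect(report.action_taken).to eq true` reads more naturally as `be true`.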